|
|
|
|
|
|
by orangecat
414 days ago
|
|
|
the GDPR refrained -rightfully so, IMO- from any implementation details I would disagree with this. If you're going to force bad actors to take actions that they don't want to, and you give them wide latitude to decide how to comply, then of course they're going to try to find ways to satisfy the letter of the law while avoiding the law's underlying goal. surveilance industry adopted a "dark pattern" that annoys people to no end (the popups) so as to paint the GDPR in a bad light We should in fact blame lawmakers when they fail to anticipate the obvious consequences of their laws. This industry could've easily said "If we see a DNT header with level:x and domainmask:*, we'll assume NO to every tracking cookie and won't collect them". If they were the type of people to do that, then they wouldn't have been doing the invasive tracking in the first place. The GDPR would be far better if it simply banned individualized tracking. It would be somewhat better if it explicitly specified that sites must honor browser headers and specified the exact UI to use when requesting permissions. |
|
|
But imposing technical solutions in laws has hardly ever worked. Because these are almost always much easier to circumvent.
E.g. your suggestion to "honor browser headers" would be easy to circumvent by not having a browser - native apps, alt clients, etc. Google would easily track almost everything they do now through android, play services, email, docs, etc. And such implantation details inevitably get outdated. E.g. in The Netherlands we have a law that forbids, with severe punishment, that you read people's paper post. If only lawmakers hundreds of years ago had abstracted this to "correspondence" rather than paper mail in envelopes, it would've applied to email and probably all network traffic.